W3C home > Mailing lists > Public > www-forms@w3.org > October 2003

RE: XForms Security (Was: saving submitted XML locally)

From: Klotz, Leigh <Leigh.Klotz@pahv.xerox.com>
Date: Fri, 24 Oct 2003 09:06:37 -0700
Message-ID: <51B8ABCE456FD111899900805F6FD6EE14FDDC90@mercury.ADOC.xerox.com>
To: "'AndrewWatt2001@aol.com'" <AndrewWatt2001@aol.com>, "'tvraman@almaden.ibm.com'" <tvraman@almaden.ibm.com>
Cc: "'www-forms@w3.org'" <www-forms@w3.org>, "'XForms@yahoogroups.com'" <XForms@yahoogroups.com>, "'bob.ducharme@lexisnexis.com'" <bob.ducharme@lexisnexis.com>
In XForms 1.0, submission action with a file: URI and method put and get is
a MAY not a MUST.  
User agents that are unable to provide a file system (for example, by being
unable to meet the requirements of the underlying platform for filesystem
access control) need not provide file: action.
Not every application of XForms is XForms+XHTML in a sandbox browser, but
for those that are, sandboxing is the user agent responsibility.

-----Original Message-----
From: AndrewWatt2001@aol.com [mailto:AndrewWatt2001@aol.com] 
Sent: Friday, October 24, 2003 12:50 AM
To: tvraman@almaden.ibm.com
Cc: www-forms@w3.org; XForms@yahoogroups.com; bob.ducharme@lexisnexis.com
Subject: XForms Security (Was: saving submitted XML locally)


In a message dated 23/10/2003 21:56:35 GMT Daylight Time, tvraman@us.ibm.com
writes:



Use file:// URI to save it to local storage?


>>>>>"DuCharme," == DuCharme, Bob (LNG-CHO) <bob.ducharme@lexisnexis.com>
writes:
  DuCharme,> If I want to save the XML submitted by my XForm as
  DuCharme,> a local disk file, I suppose I could run Tomcat
  DuCharme,> and point submission/@action to a CGI running on
  DuCharme,> http://localhost:8080/whatever, but I'm wondering
  DuCharme,> if anyone knows a leaner way to do it.
  DuCharme,> 
  DuCharme,> thanks,
  DuCharme,> 
  DuCharme,> Bob

-- 
Best Regards,
--raman



TV,

What do you consider to be the security implications of the use of file:///
URLs in XForms?

Do you consider that adequate safeguards are in place to prevent any chance
of malicious exploits?

Andrew Watt 
Received on Friday, 24 October 2003 12:09:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 10 March 2012 06:21:56 GMT